I have already uninstalled everything unusual and run several tools / antivirus, but can't get rid of the localhost proxy and the delayed network connection.

This is unfortunately my uncle's PC and I have to drive there for all operations. It is much easier for me to do a lot of stuff once, even if half of it isn't necessary, than to schedule multiple appointments.

regards

christian

Here is the output of OTL:

=== I have "attached" 3 different files, OTL.txt and Extras.txt obtained by starting as the default user and OTL.txt obtained by starting OTL "as administrator" ===

then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl+V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.

Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.

It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\120114-some number.log so look there if you don't see it.

Download: AdwCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.

Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site

Pause your anti-virus. Close all browsers.

Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

Press Scan button.

It will produce a log called FRST.txt in the same directory the tool is run from.

Please copy and paste log back here.

The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

I would suggest you download Teamviewer from: http://www.teamviewe...m/en/index.aspx on your uncle's PC and set it up for remote access with a permanent password. I use this on my father-in-law's PC and it works really nicely. Don't know how many times I've had to log in to his system to remove malware. Saves a trip which is important since he used to be 3000 miles away. Besides I can't stand him.

clOI

Posted 03 December 2014 - 07:23 AM

Hi,

just to make my last statement clear. I have definitely removed every program which shouldn't be on this PC the last time I tried to remove the malware, but will not do anything now, unless you instruct me to.

There is an eDeals version 1.0 in the software list I could try to uninstall.

Download, Save, and then uninstall MSE, then reboot. Right click on the file you downloaded and Run As Administrator.

You will have to register but it's free (you want the Basic version not the trial). Once you have it installed and it updates it would be wise to have it run a boot-time scan: Takes a long time so I usually let it run while I sleep.

First mute the speakers so it won't wake you up when Windows loads. Click on the Orange ball. Click on Scans. Change Quickscan to Boot-time Scan. Click on Settings. Where it says Heuristic Sensitivity click on the last rectangle so that all of them are orange and it says High. Check both boxes. Then change When a threat is found ... to: Move to Chest. OK. Now click on Start. Close the Avast window and then reboot. The scan will start. It will tell you where it will save the report. Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location. When Windows loads click on the Orange Ball then Scan, then Scan History (at the bottom of the page). Click on the last scan and then Detailed Report. If it found anything then open the aswBoot.txt file and copy and paste it. If you can't find it then take a screen shot of the Detailed Report:

RKinner

Posted 05 December 2014 - 08:21 AM

You posted the additions file twice. Can you post the FRST scan? Can't answer your proxy question without it. Which browser are you using for gmail? Does it do the same with other browsers?

Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(This will check your critical system files. Does this finish without complaint? IF it says it couldn't fix everything then:

has returned. So let's do a new FRST fixlist as before. Same procedure as before.

Let's run some other scans just to be sure. These can take a while. Doesn't matter which order you run them. Malware Bytes and TDSSKiller are both fairly quick. Combofix says it takes 15 minutes but these days a few hours is possible. aswMBR will run very quickly if you do not allow it to download the Avast engine. ESET is usually a few hours. Bitdefender is very quick.

Right-click on ComboFix and select Run As Administrator to start the program.

* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

You should get a log when it finishes. If not this may mean you have the new version of Zero Access malware so run Combofix a second time.

If you still don't get a log search for Combofix.txt. It is usually at => C:\Combofix\Combofix.txt. I'll need to see that in your reply.

If you get an error about a registry value when you try to run a program, then just reboot to clear it.

Download TDSSKiller:

Go to http://support.kaspe...lity#TDSSKiller and select the Orange ZIP download button. Click on the box at the bottom and then hit Download. Save the file then right click on it and Extract All to your desktop. Run the extracted .exe file by Right clicking and Run As Admin.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:

before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.

In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.

When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Malwarebytes' Anti-Malware

If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.

It's free. If you set it up during the install to remote control the PC then you can give it a password that stays. Otherwise it changes at each reboot.

I would also like to see you get rid of Microsoft Security Essentials which MS is no longer really working on. (Not offered on Win 8 - they use a beefed up Windows Defender instead.) Install the free Avast. Its boot-time scan is really good if a bit slow. (takes many hours)

This user has run CCleaner in the past. One version of it is known to cause this error:

shows up at the top of the list. Right click on it and Run As Admin. It should highlight Scheduler Library if not click on it then look in the right pane. There should be a list of tasks and the word Ready after most of them. If you get an error let me know what it says.